Ivanti Connect Secure 9.x / 22.x XML External Entity

Severity: High | Web App Scanning | Plugin ID 114203

Synopsis

Ivanti Connect Secure 9.x / 22.x XML External Entity

Description

Ivanti Connect Secure 9.x and 22.x are affected by an XML External Entity (XXE) vulnerability.

By crafting a specific HTTP request, a remote attacker could exploit this vulnerability to access certain restricted resources without authentication.

Solution

Apply the `mitigation.release.20240126.5.xml` hotfix from the vendor website.

See Also

https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

https://labs.watchtowr.com/are-we-now-part-of-ivanti/

Plugin Details

Severity: High

ID: 114203

Type: remote

Published: 2/13/2024

Updated: 2/19/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2024-22024

CVSS v3

Risk Factor: High

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CVSS Score Source: CVE-2024-22024

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

CVSS Score Source: CVE-2024-22024

Vulnerability Information

CPE: cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2024-22024